getLoginStatus(get_client_ip());
// Hard-block gate. $bfstatus is presumably the result of the
// getLoginStatus(get_client_ip()) call just above this block (the assignment
// is not visible here). A status of 'error_403' stops the request.
// The comparison stays loose (==) to match the switch it replaces.
if ($bfstatus['status'] == 'error_403') {
    // @todo hack: flash messages queued after the last error should not be retained
    $flash->clear();
    exit_with_error_code(403);
}
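// Handle a submitted login / two-factor form. The "do" field selects the
// action; a missing or unrecognised value is rejected with a 403.
// NOTE(review): no CSRF token verification is visible in this handler;
// confirm the token issued by getCsrfToken() is checked before this point.
// NOTE(review): exit_with_error_code() and ps_redirect() presumably end the
// request (the original flow relies on that); the extra `break` statements
// after new rejections are only a safety net.
if ($_POST) {
    // A missing "do" field takes the default (403) branch without raising an undefined-index warning.
    switch (isset($_POST['do']) ? $_POST['do'] : '') {
        case 'login':
            recaptcha2_validate_request();
            $login = json_decode($auth->authenticate($_POST['username'], $_POST['password']));
            // Strict check: only the exact string 'success' counts. A decode
            // failure (null) or a loosely-equal value must not pass.
            if (isset($login->status) && $login->status === 'success') {
                $user = new \ProjectSend\Classes\Users($login->user_id);
                ps_redirect($login->location);
            } else {
                $flash->error($auth->getError());
                // Tell a throttled client how long to wait. The message is
                // only echoed after is_numeric() confirms it is a number.
                if ($bfstatus['status'] == 'delay' && is_numeric($bfstatus['message'])) {
                    // The literal line breaks inside the quotes are part of the message; keep them as-is.
                    $flash->error('
' . sprintf(__('Please wait %s seconds before attempting to log in again.', 'cftp_admin'), '' . $bfstatus['message'] . '') . '
');
                    if ($bfstatus['message'] > 150) {
                        $flash->error(sprintf(__('Warning: You are about to reach the failed attempts limit, which will completely block your access for a few minutes.', 'cftp_admin'), $bfstatus['message']));
                    }
                }
                ps_redirect(BASE_URI);
            }
            // $auth->setLanguage($_POST['language']);
            break;

        case '2fa_verify':
            recaptcha2_validate_request();
            // A missing or non-string token cannot identify a pending 2FA
            // request; reject it the same way the other 2FA paths do.
            if (!isset($_POST['token']) || !is_string($_POST['token'])) {
                exit_with_error_code(403);
                break;
            }
            // NOTE(review): the (int) cast below discards leading zeros and
            // accepts any string PHP can coerce to a number. Confirm
            // validate2faRequest() expects that, or validate the six fields
            // as single digits before casting.
            $code = $_POST['n1'] . $_POST['n2'] . $_POST['n3'] . $_POST['n4'] . $_POST['n5'] . $_POST['n6'];
            $login = json_decode($auth->validate2faRequest($_POST['token'], (int)$code));
            if (isset($login->status) && $login->status === 'success') {
                $user = new \ProjectSend\Classes\Users($login->user_id);
                ps_redirect($login->location);
            } else {
                $flash->error($auth->getError());
                // The token is request data: encode it so it cannot add or
                // alter query parameters in the redirect URL.
                ps_redirect(BASE_URI . "index.php?form=2fa_verify&token=" . rawurlencode($_POST['token']));
            }
            break;

        case '2fa_request_another':
            recaptcha2_validate_request();
            $auth_code = new \ProjectSend\Classes\AuthenticationCode();
            // Unknown, missing or malformed token: refuse before touching user data.
            if (!isset($_POST['token']) || !is_string($_POST['token']) || !$auth_code->getByToken($_POST['token'])) {
                exit_with_error_code(403);
                break;
            }
            $props = $auth_code->getProperties();
            if ($auth_code->canRequestNewCode($props['user_id'])) {
                $request = json_decode($auth_code->requestNewCode($props['user_id']));
                if (isset($request->status) && $request->status === 'success') {
                    ps_redirect(BASE_URI . "index.php?form=2fa_verify&token=" . rawurlencode((string)$request->token));
                }
                ps_redirect(BASE_URI);
            }
            break;

        default:
            exit_with_error_code(403);
            break;
    }
}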
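// Prepare the variables the unauthenticated (login / 2FA) view reads.
$csrf_token = getCsrfToken();
$login_types = [
    'local' => '1',
    'ldap' => get_option('ldap_signin_enabled'),
];

// Only allow-listed form names are honoured; anything else shows the login
// form. The strict in_array() flag keeps the match exact for string values.
$valid_forms = ['login', '2fa_verify'];
$form = (isset($_GET['form']) && in_array($_GET['form'], $valid_forms, true)) ? $_GET['form'] : 'login';

if ($form === '2fa_verify') {
    // A missing or non-string token cannot identify a pending 2FA request.
    // Reject it before the lookup instead of passing null or an array on.
    if (!isset($_GET['token']) || !is_string($_GET['token'])) {
        exit_with_error_code(403);
    }
    $request = new \ProjectSend\Classes\AuthenticationCode();
    $get_request = $request->getByToken($_GET['token']);
    // Same falsy test the POST handler applies to getByToken().
    if (!$get_request) {
        exit_with_error_code(403);
    }
    $props = $request->getProperties();
    // NOTE(review): the get_user_by_id() result is used without a check;
    // confirm it cannot be empty for a token that passed getByToken().
    $user = get_user_by_id($props['user_id']);
    // Presumably only this masked form of the address reaches the page; verify in the view.
    $masked_email = mask_email($user['email']);
}

include_once ADMIN_VIEWS_DIR . DS . 'header-unlogged.php';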
?>